From patchwork Thu Nov 11 16:02:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Mikhalitsyn X-Patchwork-Id: 12615267 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D66CC433F5 for ; Thu, 11 Nov 2021 16:03:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0090960EE4 for ; Thu, 11 Nov 2021 16:03:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233153AbhKKQFt (ORCPT ); Thu, 11 Nov 2021 11:05:49 -0500 Received: from relay.sw.ru ([185.231.240.75]:37464 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232033AbhKKQFs (ORCPT ); Thu, 11 Nov 2021 11:05:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=MIME-Version:Message-Id:Date:Subject:From: Content-Type; bh=BFPiz+G2DhGiNNDU+3waCwWzi8TFUtlLAAkPxNpS/tA=; b=oUA1X/D2wpyj JwxkXa6DHrJitduQoB3E2Uf006sb1reqKZYE1QQG5F5Tx5vX5wbs1Rlv/rNCDBKMNH/OW3TTjcTRj xvzrnOFPBysvVaYbnbkDhB1aTkjRF9C0UVSlSbvmitJ8ZIcSuWYT/fGfeht8WC3wVGh3VvtwPu0yj 5SNP0=; Received: from [10.94.6.52] (helo=dhcp-172-16-24-175.sw.ru) by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1mlCXP-0090KY-FJ; Thu, 11 Nov 2021 19:02:55 +0300 From: Alexander Mikhalitsyn To: netdev@vger.kernel.org Cc: Alexander Mikhalitsyn , David Miller , David Ahern , Stephen Hemminger , Ido Schimmel , Jakub Kicinski , Andrei Vagin , Pavel Tikhomirov , Alexander Mikhalitsyn Subject: [RFC PATCH iproute2] ip route: save: exclude rtnh_flags which can't be set Date: Thu, 11 Nov 2021 19:02:39 +0300 Message-Id: <20211111160240.739294-1-alexander.mikhalitsyn@virtuozzo.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com X-Patchwork-State: RFC During "ip route save" we preserve all rtnh_flags, even those that can't be set directly by the userspace. This looks like a bug because a user can't restore route dump which was generated by "ip route save" back. This also prevents CRIU from correct restore of the containers with some route configurations inside. Reproducer: $ ip link add type veth $ ip addr add 10.0.0.1/24 dev veth0 $ ip link set veth0 up $ ip route add default via 10.0.0.1 $ ip route save > route_dump $ ip route restore < route_dump Error: Invalid rtm_flags - can not contain DEAD or LINKDOWN. Let's just omit non-settable rtnh_flags from the dump image. According to the check in the fib_create_info() kernel function it looks like we can't restore back only RTNH_F_DEAD and RTNH_F_LINKDOWN flags. But according to the ip route command manual user may set only RTNH_F_PERVASIVE and RTNH_F_ONLINK flags. Does this mean that all rest flags such as RTNH_F_OFFLOAD, RTNH_F_TRAP, and so on should be also filtered out on the kernel side as RTNH_F_DEAD and RTNH_F_LINKDOWN? I've checked that at the moment kernel doesn't prevent the setting of RTNH_F_OFFLOAD and RTNH_F_TRAP from the userspace side. Is this correct? If not then I am ready to prepare corresponding patches for the kernel. See also [RFC PATCH net-next] rtnetlink: add RTNH_F_REJECT_MASK Cc: David Miller Cc: David Ahern Cc: Stephen Hemminger Cc: Ido Schimmel Cc: Jakub Kicinski Cc: Andrei Vagin Cc: Pavel Tikhomirov Cc: Alexander Mikhalitsyn Signed-off-by: Alexander Mikhalitsyn --- include/uapi/linux/rtnetlink.h | 3 +++ ip/iproute.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h index e01efa28..3ce9ba3c 100644 --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h @@ -417,6 +417,9 @@ struct rtnexthop { #define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN | \ RTNH_F_OFFLOAD | RTNH_F_TRAP) +/* these flags can't be set by the userspace */ +#define RTNH_F_REJECT_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN) + /* Macros to handle hexthops */ #define RTNH_ALIGNTO 4 diff --git a/ip/iproute.c b/ip/iproute.c index 1447a5f7..88faadeb 100644 --- a/ip/iproute.c +++ b/ip/iproute.c @@ -1632,6 +1632,12 @@ static int save_route(struct nlmsghdr *n, void *arg) if (!filter_nlmsg(n, tb, host_len)) return 0; + /* + * Exclude flags which can't be set directly + * by the userspace from the rtmsg dump. + */ + r->rtm_flags &= ~RTNH_F_REJECT_MASK; + ret = write(STDOUT_FILENO, n, n->nlmsg_len); if ((ret > 0) && (ret != n->nlmsg_len)) { fprintf(stderr, "Short write while saving nlmsg\n");